News

Ethereum’s Soft Fork Called Off as it Introduces a New Attack Vector

The Ethereum Foundation has introduced a new Geth client version (1.4.9) that rolls back the changes made in the previous soft-fork-enabled software. A security alert was issued by Ethereum Foundation. In the announcement, the developer Felix Lange explained:

An attack vector has been identified in the freshly released implementation of the DAO soft fork. The fork enactment code in geth (and other clients) allows execution of EVM code up to the block gas limit without paying for gas. This can slow down mining and prevent inclusion of legitimate transactions.

The Foundation seems incapable of taking any quick decision, indeed, the choices available to them are very limited: a hard fork needs to be implemented before July 14 to prevent the hacker from retrieving the stolen funds. In Felix Lange’s own words the follow-up actions are:

Available options are being considered. The community can avoid any negative consequences of the soft fork by voting against it until a better solution has been found. Note that, to the best of our knowledge, no funds can be retrieved from the affected DAOs until July 14th 2016. There is no immediate urgency to block transactions while further proposals are being worked out.

Another vulnerability was also found by GitHub user 9600- . a Péter Szilágyi said: a data race introduced by the rushed soft-fork that can lead to miners crashing if they are running transactions simultaneously with importing blocks from the network.

The events were negatively received by the markets: Ethereum’s valuation plummeted from $13.78 to a minimum of $11.6 (Data via Kraken). The price experienced a recovery in the past hours, hovering the $12.7 mark at the time of press.